Description

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

Remediation

References

CVE-2004-1405

Related Vulnerabilities

ownCloud Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-36252)

Vulnerable package dependencies [high]

MySQL CVE-2015-4904 Vulnerability (CVE-2015-4904)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20111)

WordPress Other Vulnerability (CVE-2007-0539)

Severity

High

Classification

CVE-2004-1405

Tags

Missing Update Known Vulnerabilities